Solaris Patching - News and Best Practice

'wget', 'pca', and TLP users need to accept updated software license

As the software license agreement terms were updated last week upon Sun becoming a wholly owned subsiduary of Oracle, customers who use 'wget' to automate patch downloads from SunSolve will need to login in once to SunSolve and accept the updated software license agreement before they can continue to use 'wget'. Please note that some popular patch automation tools such as Traffic Light Patching (TLP) and the 3rd party 'pca' tool use 'wget' and hence this notice is applicable to them too.

Alert: wget customers ~
Please log into SunSolve to re-accept the new Software License
Agreement prior to running any wget scripts. You can also look under
"Update Account" and refer to:Step 5: Register for patch download automation
Check the box to confirm that you read the license and save the changes. Downloads will work as normal at this point.

Thanks Gerry. This doesn't affect us, since we already have a contract. Even so, I read that some potential customers are concerned that new security fixes are no longer freely available. Entitlement strategy aside, I hope that this does not harm future Solaris adoption.

On an unrelated note, I have a question about how Patchfinder identifies Security or Recommended patches.

I searched for all Solaris 10 patches (any platform) to see if Patchfinder came up with the same list that pca identified. From what I can tell, there were a couple of applicable patches that didn't appear in Patchfinder's results:

I can see that it may be more intuitive if the search were to match either as opposed to both criteria, if you select both "New Security Fix" & "Accumulated Security Fix". I've started discussion with my colleague Brian Kidney, who wrote and maintains PatchFinder regarding this.
For now, as all new security fixes will also be flagged as new security fixes, just searching for accumulated security fixes should give you the desired result.

About

This blog is to inform customers about patching best practice, feature enhancements, and key issues. The views expressed on this blog are my own and do not necessarily reflect the views of Oracle.
The Documents contained within this site may include statements about Oracle's product development plans. Many factors can materially affect these plans and the nature and timing of future product releases. Accordingly, this Information is provided to you solely for information only, is not a commitment to deliver any material code, or functionality, and SHOULD NOT BE RELIED UPON IN MAKING PURCHASING DECISIONS. The development, release, and timing of any features or functionality described remains at the sole discretion of Oracle. THIS INFORMATION MAY NOT BE INCORPORATED INTO ANY CONTRACTUAL AGREEMENT WITH ORACLE OR ITS SUBSIDIARIES OR AFFILIATES. ORACLE SPECIFICALLY DISCLAIMS ANY LIABILITY WITH RESPECT TO THIS INFORMATION. ~~~~~~~~~~~~ Gerry Haskins,
Director, Software Lifecycle Engineer